Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Detect oauth2 even if there's no authorize_uri #135

Merged
merged 1 commit into from
Jul 16, 2024

Conversation

mikix
Copy link
Contributor

@mikix mikix commented Nov 11, 2022

As long as we have a JWT and there's a token_uri, we can talk oauth2.

I ran into this while testing the bulk export flow against https://bulk-data.smarthealthit.org which does not expose an authorize_uri, but does expose token_uri and can talk oauth2 with JWTs just fine.

I am not confident that this is the best solution, but it is a solution. Should the code be even dumber and just use oauth2 if the http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris security extension is present at all? Given that there is no other auth system to fall back to, it seems reasonable to err on the side of oauth2. Happy to tweak this as folks like, or leave it as is.

As long as we have a JWT and there's a token_uri, we can talk oauth2.
@mikix mikix force-pushed the mikix/oauth2-jwt branch from 4e558a9 to 911b285 Compare July 16, 2024 16:17
@mikix mikix merged commit c1a42df into smart-on-fhir:main Jul 16, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants